Type a filter string in the Filter field, and press Return. If the
filter succeeds, the list of policies that match the filter is displayed.

The filter string must consist of one or more characters. Because the filter
mechanism is case sensitive, you need to use the appropriate uppercase and lowercase
letters for the filter. For example, if you type the filter string ge,
the filter mechanism displays only the policies with the ge string in them (for
example, george or edge).

If you want to display the entire list of policies, click Clear Filter.

Example 25-9 Viewing the List of Kerberos Policies (Command Line)

In the following example, the list_policies command of kadmin is used to list
all the policies that match *user*. Wildcards can be used with the list_policies
command.

How to Modify a Kerberos Policy

Select the policy in the list that you want to modify, then click
Modify.

The Policy Details panel is displayed.

Modify the policy's attributes.

Choose Context-Sensitive Help from the Help menu for information about the various attributes
in this window. Or, go to Table 25-5 for all the policy attribute descriptions.

Note - You cannot modify a policy's name. To rename a policy, you must duplicate
the policy, specify a new name for it, save it, and then delete
the old policy.

Click Save to save the policy, or click Done.

Example 25-14 Modifying a Kerberos Policy (Command Line)

In the following example, the modify_policy command of kadmin is used to modify
the minimum length of a password to five characters for the build11 policy.

$ kadmin
kadmin: modify_policy -minlength 5 build11
kadmin: quit

How to Delete a Kerberos Policy

An example of the command-line equivalent follows this procedure.

Note - Before you delete a policy, you must cancel the policy from all principals
that are currently using it. To do so, you need to modify the
principals' Policy attribute. The policy cannot be deleted if any principal is using
it.

Before you delete a policy, you must cancel the policy from all principals
that are currently using it. To do so, you need to use the
modify_principal -policy command of kadmin on the affected principals. The delete_policy command fails if
the policy is in use by a principal.